Updating mod_jk.nlm from Tomcat website results in Error 404

  • 3363985
  • 09-Jan-2008
  • 27-Apr-2012

Environment

Novell Apache on NetWare
Novell Tomcat on NetWare 6.5
Novell NetWare 6.5

Situation

Due to a security vulnerability involving the Tomcat connector, mod_jk.nlm was updated from the Tomcat website. After the upgrade, all pages served through Tomcat are inaccessible and return an Apache "Error 404 - Page Not Found."

The file that was downloaded and installed is:
mod_jk-1.2.26-httpd-2.0.61-nw.zip

Resolution

Revert to the shipping version of mod_jk.nlm. If security is a concern, edit the SYS:/tomcat/4/conf/server.xml file and locate the AJP connector (search for ports 9009 and 9010). In the Connector tag (after "Connector" but before the closing ">" symbol), add the following configuration setting:
address="127.0.0.1"
This should force that connector to listen only on the loopback address.

Additional Information

The NLM has also been known to prevent Apache from loading the AJP13 connectors, failing with an error reporting that JkWorkersFile is already set and cannot be set twice.

The default Apache workers file specifies contacting the service on the loopback address. If this has been changed, or if another server needs to connect to this server's instance of Tomcat, do not make this change, because it prevents anything on the network from connecting to the Tomcat connector. An example of the connector tag would be:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="9010" minProcessors="5" maxProcessors="250"
           address="127.0.0.1"
           enableLookups="true"
           acceptCount="10" debug="0" connectionTimeout="0"
           useURIValidationHack="false"
           protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
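
To confirm the change took effect on every AJP connector, a copy of server.xml can be checked off the server. The script below is an added example, not part of the original document or of Novell's tooling; it assumes AJP connectors are identified by the protocolHandlerClassName shown in the tag above, and its sample XML is constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector tag above; not a real server.xml.
SAMPLE_SERVER_XML = """<Server>
  <Service name="example">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" minProcessors="5" maxProcessors="75"/>
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="9009" minProcessors="5" maxProcessors="250"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="9010" minProcessors="5" maxProcessors="250"
               address="127.0.0.1"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
  </Service>
</Server>
"""

# Assumption: this handler class marks an AJP connector, as in the tag above.
AJP_HANDLER = "org.apache.jk.server.JkCoyoteHandler"

def is_loopback(address):
    """True only when address is a literal loopback IP (127.0.0.0/8 or ::1)."""
    if not address:
        return False  # no address attribute: connector listens on all interfaces
    try:
        return ipaddress.ip_address(address.strip()).is_loopback
    except ValueError:
        return False  # hostnames are not resolved here, so report them as exposed

def audit_ajp_connectors(server_xml_text):
    """Return [(port, address, loopback_only)] for each AJP connector found."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("protocolHandlerClassName") != AJP_HANDLER:
            continue  # not an AJP connector (for example the HTTP connector)
        address = conn.get("address")
        findings.append((conn.get("port"), address, is_loopback(address)))
    return findings

if __name__ == "__main__":
    for port, address, ok in audit_ajp_connectors(SAMPLE_SERVER_XML):
        state = "loopback only" if ok else "reachable from the network"
        print(f"AJP port={port} address={address or '(all interfaces)'}: {state}")
```

Any connector reported as reachable from the network is still missing the address setting, or is bound to a non-loopback address for another server's use.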